Launchpad.net

CVE 2008-1974

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Related bugs and status

CVE-2008-1974 (Candidate) is related to these bugs:

Bug #227291: [kronolith2] [CVE-2008-1974] cross site scripting

		In	Importance	Status
227291	[kronolith2] [CVE-2008-1974] cross site scripting	kronolith2 (Ubuntu)	Undecided	Fix Released
227291	[kronolith2] [CVE-2008-1974] cross site scripting	kronolith2 (Debian)	Unknown	Fix Released
227291	[kronolith2] [CVE-2008-1974] cross site scripting	kronolith2 (Ubuntu Dapper)	Undecided	Won't Fix
227291	[kronolith2] [CVE-2008-1974] cross site scripting	kronolith2 (Ubuntu Feisty)	Undecided	Won't Fix
227291	[kronolith2] [CVE-2008-1974] cross site scripting	kronolith2 (Ubuntu Gutsy)	Undecided	Won't Fix
227291	[kronolith2] [CVE-2008-1974] cross site scripting	kronolith2 (Ubuntu Hardy)	Undecided	Won't Fix
227291	[kronolith2] [CVE-2008-1974] cross site scripting	kronolith2 (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [kronolith] 20080427 K...
MISC: http://forum.aria-secu...
BID: 28898
SECUNIA: 29920
SECTRACK: 1019934
FEDORA: FEDORA-2008-3460
FEDORA: FEDORA-2008-3543
SECUNIA: 30649
SREASON: 3831
OSVDB: 51238
VUPEN: ADV-2008-1373
DEBIAN: DSA-1560
XF: horde-webmail-addevent...
BUGTRAQ: 20080422 Horde Webmail...